<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
    
    <?php
        
        require_once '../table_object/User.php';
        $User = new User();
        
        $FailMessage = "";
        
        if(isset($_POST['user']) &&
           isset($_POST['pwd'])) {
            
            $UserVO = new UserVO;
            $UserVO->set_user(get_post($_POST['user']));
            $UserVO->set_pwd(get_post($_POST['pwd']));
            $result = $User->verifyLogin($UserVO);            
            
            if($result) {
                session_start();
                ini_set('session.gc_maxlifetime', 60);
                $_SESSION['user'] = $UserVO->get_user();
                header("Location: ./MainMenu.php");
            } else {
                $FailMessage = "User / Password not found. Please try again.";
            }
            
        }
        
        // Avoid SQL injection
        function get_post($string) {
            
            if(get_magic_quotes_gpc()) {
                $string = stripslashes($string);
            }

            return htmlentities(mysql_real_escape_string($string));
                        
        }
        
    ?>
    
    <head>
        <link href="../css/Main.css" rel="stylesheet" type="text/css">
        <link href="../css/Login.css" rel="stylesheet" type="text/css">
        <title>Web App Dev - Mcgill</title>
    </head>

    <body>
        <div id="containerLogin">
            <form action="./Login.php" method="post">
                <label for="user">User:</label>
                <input type="text" id="user" name="user" autofocus>
                <label for="pwd">Password:</label>
                <input type="password" id="pwd" name="pwd">
                <div id="lower">
                    <input type="submit" value="Login">
               </div>
               <div>
                    <p id="failedMessage"><?php echo $FailMessage; ?></p>
               </div> 
            </form>
        </div> 
    </body>
</html>
